I have a few things that I host from my house. I have read that it’s better practice to route stuff through a VPS to not expose your home IP.

Here’s what I’ve done so far: VPN setup on VPS with successful routing of containers. Confirmed by using a CLI IP check within the container which returned the VPS IP. I used PiVPN because I know it and it’s easy to set up.

Where I got stuck: I pointed Nginx to the supposed IP:port of the connection, but couldn’t get it to load.

What should I do next?

  • @[email protected]
    3
    12 hours ago

    This part always confuses me, so I won’t be able to give specifics; just a general direction. Most guides explain how to route traffic from a vpn client to the lan of the vpn host. You need to route traffic from the vpn host/lan to a client of the vpn.

    You need to change the routing table on the VPS, adding a static route to route traffic heading for your VPN’s subnet to the VPN host instead of out the default gateway.

    How exactly to do that I’ll have to leave to someone else unfortunately. Network config confuses the hell out of me.

  • @[email protected]
    112 hours ago

    Are the ports on your home firewall open? You need to use the public IP of your home router, open the required ports on the router (you can limit them to accept the incoming request from your VPS IP), and map them to a specific local device IP address and port on your router.

  • @[email protected]
    1
    12 hours ago

    I am not sure what the problem here is but just want to make sure you realize that if you were to do that, all the requests won’t be directly going to your home server, but they will be routed via your VPS. So the performance will be hit by quite a bit, depending on the ping to the VPS and the VPS upload and download speeds. It’s a very privacy focused approach and you probably don’t need that.

    The only benefits you get are that if you browse the web and someone gets your IP, you won’t be able to be matched with your domain’s IP, and that the feds won’t be able to match your public services with your home network (and you in the result).

    Otherwise you shall be good just making sure that the ports you expose on your router are the Nginx ones, and won’t experience increased latency on all your requests this way.

  • @Windex007
    215 hours ago

    May or may not be applicable to your case, but often applications need additional configuration to work with a reverse proxy. Usually setting from what IPs it will accept forward headers from (your reverse proxy) and what the original requested host was (externally requested domain, e.g. yourservice.yourdomain.com).

    If your new setup has resulted in changes to either of those things, the issue might be a now-incorrect config of your apps behind the reverse proxy.
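Added example (not part of the comment above or any poster's code): the "accept forwarded headers only from your reverse proxy" rule as an application behind the VPS would apply it. It assumes the VPS connects to the home server from VPN address 10.100.100.1 (a constructed value); `TRUSTED_PROXIES`, `is_trusted` and `client_ip` are hypothetical names.

```python
import ipaddress
from typing import Optional

# Assumption: 10.100.100.1 is the VPS's address on the VPN (constructed value).
# Only connections arriving from it may supply X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.100.100.1/32")]


def is_trusted(addr: str) -> bool:
    """True if addr parses as an IP and belongs to a proxy we operate."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr: str, x_forwarded_for: Optional[str]) -> str:
    """Return the address to log or rate-limit on.

    peer_addr is the TCP peer of the connection; x_forwarded_for is the raw
    header value. The header is honoured only when the peer is trusted.
    """
    if not is_trusted(peer_addr) or not x_forwarded_for:
        return peer_addr
    # Each proxy appends the address it saw, so walk right to left: the
    # rightmost untrusted hop is the last value our own proxy vouches for.
    # Anything to its left was supplied by the client and may be forged.
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed header: fall back to the peer
        if not is_trusted(hop):
            return hop
    return peer_addr  # every hop was one of our proxies
```

A request that reaches the service without passing through the VPS keeps its own peer address, whatever header it sends.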

  • @[email protected]
    215 hours ago

    > VPN setup on VPS with successful routing of containers. Confirmed by using a CLI IP check within the container which returned the VPS IP

    If you want to route traffic from the VPS over the VPN, and the check returned the IP address of the VPS, this confirms it is not working. You need to configure your VPS to route traffic over the VPN. Personally, I’ve done this in the reverse direction (routing local qbittorrent to a public VPN) with gluetun.

    • @[email protected]OP
      315 hours ago

      I think you got it reversed. I want the container traffic to go through the VPN to the VPS and I want the reverse proxy on the VPS to point to that container.

      I want the website (hosted at my house) to be accessible through the VPS so my IP isn’t directly exposed.

      • @[email protected]
        214 hours ago

        You’ve confirmed I’ve understood it correctly. Someone on the Internet requests your site. They reach your VPS with nginx. So far so good. Now, how does nginx know how to reach the upstream service?

        • @[email protected]OP
          113 hours ago

          The goal is to route the services through the VPN and point Nginx to them… but it doesn’t work.

            • @[email protected]OP
              111 hours ago

              For the services already hosted by the VPS, I just point service.web.site to the appropriate localhost:port.

              My hiccup is that the VPN software (pivpn) gives me an internal IP for the clients but pointing Nginx to that IP doesn’t work.

              • @[email protected]
                19 hours ago

                The nginx host is the VPN client in this case, so it’d be connecting to itself. You need to point it to the host on the VPN server side network.

  • 6️⃣9️⃣4️⃣2️⃣0️⃣
    215 hours ago

    I’m assuming that you are trying to proxy an http web server. If not, you’re going to have a hard time with nginx. Can you post your nginx config? Are you getting any response from nginx at all?

    • @[email protected]OP
      1
      15 hours ago

      Nginx was already set up and working before. I have some sites hosted directly on the VPS as well.

      I’m just not sure how to make an HTTP request go to a VPN client.

      • @[email protected]
        19 hours ago

        By using its ip:port.

        If you have homeserver1 running stuff and that’s connected to the VPS through the VPN, make sure the homeserver1 service that you want to proxy runs on homeserver1’s VPN IP.

        For Docker this is done by specifying that IP when you expose ports, or by using 0.0.0.0.

        I assume you can already ping homeserver1 from the VPS by using the VPN address of homeserver1.

      • 6️⃣9️⃣4️⃣2️⃣0️⃣
        514 hours ago

        Assuming your local service is accessible from the nginx server, you can proxy the request to it:

        server {
          listen 80;  # public port on the VPS
          location / {
            # upstream: the home server's address on the VPN and its service port
            proxy_pass http://10.100.100.2:3000/;
          }
        }
        

        …where 10.100.100.2 is your local IP on the VPN and 3000 is the local port your service is listening on, and 80 is the public port your nginx server listens on. Everything that hits your nginx server at http://yourserver.com:80/ will proxy back to your local service at http://10.100.100.2:3000/. Depending on what you’re hosting, you may need to add some things to the config.
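Added example (not from any poster): before pointing `proxy_pass` at a VPN address, the VPS can check that the address answers, which is the assumption behind the two replies above (the service listening on the home server's VPN IP, and being reachable from the nginx host). The function names and hint texts are hypothetical; 10.100.100.2:3000 is the address from the config above.

```python
import errno
import socket

# What each outcome usually means for a proxy_pass target behind a VPN.
HINTS = {
    "open": "a service answers here; nginx can proxy to this address",
    "refused": "host reachable over the tunnel, but nothing listens on this "
               "address (bound to 127.0.0.1, or Docker published another IP)",
    "timeout": "packets are dropped: firewall on the home server or tunnel down",
    "unreachable": "the VPS has no route to this address; check the VPN interface",
    "error": "connection failed for another reason; inspect the OS error",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result as a HINTS key."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"


def diagnose(host, port, timeout=3.0):
    """Return a one-line report for the given upstream address."""
    state = probe(host, port, timeout)
    return f"{host}:{port} {state}: {HINTS[state]}"


if __name__ == "__main__":
    # Address taken from the nginx config quoted above; run this on the VPS.
    print(diagnose("10.100.100.2", 3000))
```

A "refused" result points at the bind address on the home server, while "timeout" or "unreachable" points at the tunnel, routing or a firewall.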

  • @just_another_person
    -214 hours ago

    Unless your VPN provider supports static port mapping, this is not going to work.

    • @[email protected]OP
      213 hours ago

      The VPN is hosted on the VPS, which I rent and have full control of. It’s my own VPN between my devices.

      The intent is to put my VPS between my services and the outside world so that it doesn’t expose my home IP.

      • @just_another_person
        -3
        12 hours ago

        Okay…back up a bit.

        You have a VPS server hosted somewhere…so which IP are you trying to obfuscate with a VPN?

        Why don’t you just host your public services on the VPS, and whatever else private on your home equipment.

        • @[email protected]OP
          211 hours ago

          > which IP are you trying to obfuscate with a VPN?

          My goal was to hide my home IP by routing everything through the VPS. The VPN is hosted on the VPS.

          > Why don’t you just host your public services on the VPS, and whatever else private on your home equipment.

          The VPS is 1 core and 35 GB of storage. I host several websites and some game servers on my home server.